Archive

GP encryption is not new – quite the opposite. But it’s always had one big advantage over its leading competitor: S/MIME. S/MIME is used to encrypt email using certificate-based, 3rd-party authentication whereas PGP relies on dual, private/public key encryption. And thanks both to S/MIME gaining commercial vendor support relatively early, coupled with being easier than the open-source-supported PGP (with relatively primitive tools that required some degree of technical competency to master); those wanting to encrypt email easily had to deal with investing in 3rd party certificates that could cost hundreds or even thousands of dollars before the feature was available.

Thanks to Edward Snowden, we’re all now pretty-well acquainted with the notion we’ve lost privacy and will likely never get it back. But even so, that doesn’t mean the government (or God-knows-who nowadays) ought to have carte blanche to read chats, emails or become privy to what you’re downloading via bitTorrent or what cash you’re exchanging with parties online. (At least not until tax time.) And a tool that works on all platforms big and small, like Keybase, is now available to assist with all of the above!

To begin, it’s best to start on a Mac or Windows environment – somewhere where the configuration utility can operate. The system does a pretty decent job of talking one through the process of setting up one’s first PGP (security) keys and getting the app installed. However, one improvement for the future might be getting this utility (also called a “CLI” or “command-line interface”) to work within a web browser so one can perform the entire process using a hand-held device. Once the software is installed, one finds installed an icon in their system tray (on Windows) which will present the list of users and some very heavily shaded icons (despite) which are used to access other parts of the Keybase app. The CLI also has its own icon deployed to the Windows ‘Start’ menu and this is where you can quickly access many of the features associated with setup. In my case, I already had PGP keys and so using the CLI was a necessary part of the setup. Regardless, to get acquainted with the CLI and how it works with setup, I’d begin by loading up a copy of the “new user” docs in a web browser. Then in the CLI utility, run two commands:

First, run “keybase help” to see what commands are instantly available to you as a new, unregistered user (there are a few), and

Second,, run “keybase signup”.

Finally, I’d quickly read through the “basic docs” you have open in your browser and drill down into any areas where you have questions. Still more questions about Keybase and maybe PGP? I strongly advise you get a Reddit account if you’ve not already got one and access the group called r/Keybase. You’ll find this well-trafficked!

Although the Keybase app (accessed from the system tray) links to several choice apps, PGP is extremely versatile and plug-ins exist for Microsoft Outlook 2016 (and earlier) and is used with numerous other applications.

If there is a down-side to the app, there is a concern that — since a Keybase account can be used with several keys — it could be possible for someone to associate 2 keys (which typically involve two email addresses being known) together and thereby create an identity profile on a Keybase user. This is a security concern, although an obvious workaround would be to register PGP keys to separate Keybase accounts and thereby never expose oneself. Keybase itself claims it never advertises personal details, but if one connects to another user (say, for secure chat) and exchanges their public key; in such a case the potential would exist for that 3rd party to disclose your email at their discretion. (This itself isn’t a security flaw, but it is something to be mindful of when exchanging data security regardless of the means used.)

Sharing Icons

Support this author…

Maintaining a blog site like this takes a commitment of time to write and update material. Although I enjoy it, this commitment detracts from other activities I am involved with, through which I support myself. Your donations encourage me to stay on track, committed as a writer covering those topics which are of interest to you.

The Eclipse foundation recently released MicroProfile 2.2, helping developers to create microservices on top of EE 8. This release comes at the same time that Eclipse is taking over as steward of Java EE and rebranding it to Jakarta EE. By Erik Costlow

This panelists discuss the changes society has seen since the advent of social media and how they're building the next generation of software tools to protect against online harassment. By Leigh Honeywell, Danielle Leong, Sri Ponnada, Kat Fukui

Joy Gao talks about how database streaming is essential to WePay's infrastructure and the many functions that database streaming serves. She provides information on how the database streaming infrastructure was created & managed so that others can leverage their work to develop their own database streaming solutions. She goes over challenges faced w […]

An overview of how the InfoQ editorial team sees the "cloud" and "DevOps" topics evolving in 2019, which focuses on platforms and practices that are being de facto standards and emerging technologies. By Chris Swan, Daniel Bryant, Steffen Opel, Helen Beal, Manuel Pais

Amazon has added another set of new threat detections to its GuardDuty service in AWS. The three new threat detections are two new penetration testing detections and one policy violation detection. By Steef-Jan Wiggers

I think we’ve established there is a bit of a stereotype for men here... but there’s gonna be a stereo type for the other side too (women) cause that’s just how it works. Just because there’s a gender in the name, doesn’t mean other genders aren’t welcome, which is the case here.

Well you are welcome to fly with us if you want to be a part of the squadron - actually winging up with other players is not mandatory, you can still stick to solo but be part of our group if you like :) - o7

Well Chaps it's been a while but we're back. Running like the Thargoids are chasing us to catch back up with #DW2 tonight from 8pm UTC in @EliteDangerous over @Twitch http://twitch.tv/smiter1983 #TeamXebon

It doesn't bother (me, in fact). That was just to say. I won't ever create a "women" group. Cause diversity is interesting. And if Fathers have to wait for their children's sleep, I think that's because they care. So I don't throw the stone. 1/2